Show Posts
1
General Discussion / TCP issues with IPv6
« on: July 04, 2017, 06:21:37 pm »
Hi Guys,
I've configured an OPNsense router and want to add IPv6 capability to our client pcs.
Basically everything works fine. The internet connection is managed by a Fritz Box 7490 and has a static IP from the provider.
OPNsense is connected to the Fritz Box and requesting an IPv6 network via prefix delegation. Alternative configuration is to add static IPv6 routing.
(Fritz Box) → (OPNsense) → (Client Network)
Both scenarios work fine, with some slight exceptions.
Most Dual-Stack servers are reachable without any issues.
Some hosts though (like https://www.heise.de) trigger a delay around 10 seconds, some others (like https://kb.vmware.com) are not reachable via IPv6 at all.
The behaviour:
* heise.de shows an initial 10 seconds delay, after that the site responds immediately for a couple of hours
* vmware.com does not get any answer through whatsoever
It is not an issue with the server as I can reach both above URLs when I connect to Fritz Box directly or via a mobile device (also IPv6 enabled).
The TCP connection is established from what I can see.
Client side states ESTABLISHED and OPNsense lists the connection as ESTABLISHED as well, e.g. in Firewall → Diagnostics → pfTop
It also does not seem to be an MTU related issue, as I can ping heise.de with large packets.
Any ideas what I can test or how to address this issue?
Regards,
Hrvoje
I've configured an OPNsense router and want to add IPv6 capability to our client pcs.
Basically everything works fine. The internet connection is managed by a Fritz Box 7490 and has a static IP from the provider.
OPNsense is connected to the Fritz Box and requesting an IPv6 network via prefix delegation. Alternative configuration is to add static IPv6 routing.
(Fritz Box) → (OPNsense) → (Client Network)
Both scenarios work fine, with some slight exceptions.
Most Dual-Stack servers are reachable without any issues.
Some hosts though (like https://www.heise.de) trigger a delay around 10 seconds, some others (like https://kb.vmware.com) are not reachable via IPv6 at all.
The behaviour:
* heise.de shows an initial 10 seconds delay, after that the site responds immediately for a couple of hours
* vmware.com does not get any answer through whatsoever
It is not an issue with the server as I can reach both above URLs when I connect to Fritz Box directly or via a mobile device (also IPv6 enabled).
The TCP connection is established from what I can see.
Client side states ESTABLISHED and OPNsense lists the connection as ESTABLISHED as well, e.g. in Firewall → Diagnostics → pfTop
It also does not seem to be an MTU related issue, as I can ping heise.de with large packets.
Any ideas what I can test or how to address this issue?
Regards,
Hrvoje